Continuous Deployment #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Deployment | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| # “At 00:15.” | |
| # https://crontab.guru/#15_0_*_*_* | |
| - cron: "15 0 * * *" | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| publish: | |
| name: Publishing ${{ matrix.job.target }} | |
| runs-on: ${{ matrix.job.os }} | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| rust: [stable] | |
| job: | |
| - os: windows-latest | |
| os-name: windows | |
| target: x86_64-pc-windows-msvc | |
| architecture: x86_64 | |
| binary-postfix: ".exe" | |
| use-cross: false | |
| - os: macos-latest | |
| os-name: macos | |
| target: x86_64-apple-darwin | |
| architecture: x86_64 | |
| binary-postfix: "" | |
| use-cross: false | |
| - os: macos-latest | |
| os-name: macos | |
| target: aarch64-apple-darwin | |
| architecture: arm64 | |
| binary-postfix: "" | |
| use-cross: true | |
| - os: ubuntu-latest | |
| os-name: linux | |
| target: x86_64-unknown-linux-gnu | |
| architecture: x86_64 | |
| binary-postfix: "" | |
| use-cross: false | |
| - os: ubuntu-latest | |
| os-name: linux | |
| target: x86_64-unknown-linux-musl | |
| architecture: x86_64 | |
| binary-postfix: "" | |
| use-cross: false | |
| - os: ubuntu-latest | |
| os-name: linux | |
| target: aarch64-unknown-linux-gnu | |
| architecture: arm64 | |
| binary-postfix: "" | |
| use-cross: true | |
| - os: ubuntu-latest | |
| os-name: linux | |
| target: i686-unknown-linux-gnu | |
| architecture: i686 | |
| binary-postfix: "" | |
| use-cross: true | |
| - os: ubuntu-latest | |
| os-name: netbsd | |
| target: x86_64-unknown-netbsd | |
| architecture: x86_64 | |
| binary-postfix: "" | |
| use-cross: true | |
| - os: ubuntu-latest | |
| os-name: linux | |
| target: armv7-unknown-linux-gnueabihf | |
| architecture: armv7 | |
| binary-postfix: "" | |
| use-cross: true | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Rust toolchain | |
| uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1 | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| profile: minimal | |
| override: true | |
| target: ${{ matrix.job.target }} | |
| - name: install compiler | |
| shell: bash | |
| run: | | |
| if [[ ${{ matrix.job.target }} == x86_64-unknown-linux-musl ]]; then | |
| sudo apt update | |
| sudo apt-get install -y musl-tools | |
| fi | |
| - name: install cargo-auditable for non-cross builds | |
| shell: bash | |
| if: ${{ matrix.job.use_cross != true}} | |
| run: | | |
| cargo install cargo-auditable cargo-audit | |
| - uses: Swatinem/rust-cache@e207df5d269b42b69c8bc5101da26f7d31feddb4 # v2 | |
| with: | |
| key: ${{ matrix.job.target }} | |
| - name: Set Version | |
| shell: bash | |
| run: echo "PROJECT_VERSION=$(git describe --tags)" >> $GITHUB_ENV | |
| - name: Cargo build | |
| uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1 | |
| if: ${{ matrix.job.use-cross == true }} | |
| with: | |
| command: build | |
| use-cross: ${{ matrix.job.use-cross }} | |
| toolchain: ${{ matrix.rust }} | |
| args: --release --target ${{ matrix.job.target }} | |
| - name: Cargo auditable build | |
| uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1 | |
| if: ${{ matrix.job.use-cross == false }} | |
| with: | |
| command: auditable | |
| use-cross: ${{ matrix.job.use-cross }} | |
| toolchain: ${{ matrix.rust }} | |
| args: build --release --target ${{ matrix.job.target }} | |
| - name: Packaging final binary | |
| shell: bash | |
| id: package-binary | |
| run: | | |
| cp -a config target/${{ matrix.job.target }}/release/config | |
| cd target/${{ matrix.job.target }}/release | |
| ########## create tar.gz ########## | |
| # accounting for main branch and therefore nightly builds | |
| if [[ ${{ github.ref }} = refs/heads/main ]]; then | |
| RELEASE_NAME=rustic-nightly-${{ matrix.job.target}}.tar.gz | |
| elif [[ ${{ github.ref }} = refs/tags/* ]]; then | |
| RELEASE_NAME=rustic-${{ github.ref_name }}-${{ matrix.job.target}}.tar.gz | |
| else | |
| RELEASE_NAME=rustic-${{ github.run_id }}-${{ github.run_attempt }}-${{ matrix.job.target}}.tar.gz | |
| fi | |
| tar czvf $RELEASE_NAME rustic${{ matrix.job.binary-postfix }} config/ | |
| ########## create sha256 ########## | |
| if [[ ${{ runner.os }} == 'Windows' ]]; then | |
| certutil -hashfile $RELEASE_NAME sha256 | grep -E [A-Fa-f0-9]{64} > $RELEASE_NAME.sha256 | |
| else | |
| shasum -a 256 $RELEASE_NAME > $RELEASE_NAME.sha256 | |
| fi | |
| ########## create gpg signature ########## | |
| echo "${{ secrets.GPG_RELEASE_PRIVATE_KEY }}" > private.key | |
| echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --pinentry-mode=loopback \ | |
| --passphrase-fd 0 --import private.key | |
| echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --pinentry-mode=loopback \ | |
| --passphrase-fd 0 --local-user 12B7166D9FD59124416952E34018C5DE3BF8C081 \ | |
| --armor --output $RELEASE_NAME.asc --detach-sign $RELEASE_NAME | |
| echo "release_name=$RELEASE_NAME" >> $GITHUB_OUTPUT | |
| - name: Storing binary as artefact | |
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 | |
| with: | |
| name: binary-${{ matrix.job.target}} | |
| path: target/${{ matrix.job.target }}/release/${{ steps.package-binary.outputs.release_name }}* | |
| publish-nightly: | |
| name: Publishing nightly builds | |
| needs: publish | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download all workflow run artifacts | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 | |
| - name: Releasing nightly builds | |
| shell: bash | |
| run: | | |
| # set up some directories | |
| WORKING_DIR=$(mktemp -d) | |
| DEST_DIR=rustic | |
| # set up the github deploy key | |
| mkdir -p ~/.ssh | |
| echo "${{ secrets.NIGHTLY_RELEASE_KEY }}" > ~/.ssh/id_ed25519 | |
| chmod 600 ~/.ssh/id_ed25519 | |
| # set up git | |
| git config --global user.name "${{ github.actor }}" | |
| git config --global user.email "${{ github.actor }}" | |
| ssh-keyscan -H github.com > ~/.ssh/known_hosts | |
| GIT_SSH='ssh -i ~/.ssh/id_ed25519 -o UserKnownHostsFile=~/.ssh/known_hosts' | |
| # clone the repo into our working directory | |
| # we use --depth 1 to avoid cloning the entire history | |
| # and only the main branch to avoid cloning all branches | |
| GIT_SSH_COMMAND=$GIT_SSH git clone git@github.com:rustic-rs/nightly.git --branch main --single-branch --depth 1 $WORKING_DIR | |
| # ensure destination directory exists | |
| mkdir -p $WORKING_DIR/$DEST_DIR | |
| # do the copy | |
| for i in binary-*; do cp -a $i/* $WORKING_DIR/$DEST_DIR; done | |
| # create the commit | |
| cd $WORKING_DIR | |
| git add . | |
| git commit -m "${{ github.job }} from https://github.com/${{ github.repository }}/commit/${{ github.sha }}" || echo | |
| GIT_SSH_COMMAND=$GIT_SSH git pull --rebase | |
| GIT_SSH_COMMAND=$GIT_SSH git push |